ONGOING SECURITY & PRIVACY PROGRAM AUDIT



Practices should be monitoring HIPAA Privacy and HIPAA Security compliance ongoing. Compliance officers, in conjunction with HIPAA Privacy and HIPAA Security officers, should be monitoring completion of HIPAA education, as well as detecting and investigating potential HIPAA compliance incidents occurring during daily operations. Additionally, there should be several HIPAA items included in the practice’s annual audit plan, specifically focusing on ensuring that patient records are accessed and disclosed appropriately and that internal controls are effectively securing protected health information.